Re: My little something...



Peter Fairbrother wrote:
> Tom St Denis wrote:
>
>> Look at Differential or Linear cryptanalysis.
>> Suppose you used Khafre+Khufu as your ciphers. DC broke both of them.
>> It's entirely possible to chain an attack through both and recover the
>> key.
>
> It is? Any idea of the complexity of e.g. a chosen plaintext key recovery
> attack on the 16-round versions using independent keys?

I said possible, not that it exists.

> I'd guesstimate a conservative minimum of 2^90 time with as many chosen
> plaintexts. I think it might be a whole lot more. I haven't time to do a
> real analysis though, any refs?

See Biham's papers from the 90s.

> I would wonder whether it was better than brute force, if Khafre and Khufu
> didn't have unreasonably large keyspaces. However I think any DC attack
> would be impractical.

Hint: most cryptanalytic attacks are impractical. Just like the NSA
spending a billion dollars to read your letters home to Aunt Mae.

> I don't think an impossible differential or boomerang attack on the combo
> would be practical either, even though both ciphers are vulnerable to those
> attacks when used individually.

Yeah, and COCONUT98 was a perfectly immune cipher to differential
attacks ...

We could go back and forth on this all day. The problem is though that
we're both effectively talking about something we don't know about.
That is, future unknown attacks.

And when it comes down to it, you're more likely to need security from
the average crook with a home PC than from the NSA. Despite what you
may think, the government is not out to get you [at least not
personally, it's been my experience any organized mob, er, government
indiscriminately screws people].

So while you're defending against the spooks and the alien invaders,
I'll stick to defending myself [and the people I help] against the real
threats that they really face in the real world.

Tom
